Пример #1
 class Meta(AppResource.Meta):
     # Resource options (Tastypie-style names) layered on AppResource.Meta.
     # Two authentication backends are configured as a tuple; how the tuple
     # is evaluated (first match wins, or all must pass) is decided by the
     # resource base class, which is not visible here -- confirm.
     authentication = (SharedSecretAuthentication(), OAuthAuthentication())
     # NOTE(review): only a list endpoint is exposed below, so there is no
     # single object for an owner check to compare against. The per-user
     # restriction presumably lives in the resource's list/query methods --
     # confirm that it does not rely on this setting alone.
     authorization = OwnerAuthorization()
     # No HTTP methods are listed for the detail endpoint.
     detail_allowed_methods = []
     # The list endpoint is read-only: GET is the only method listed.
     list_allowed_methods = ['get']
     resource_name = 'installed/mine'
     # Overridden to None; the meaning of slug_lookup is defined by the
     # parent resource and cannot be determined from this snippet.
     slug_lookup = None
Пример #2
 class Meta(MarketplaceModelResource.Meta):
     # Resource options (Tastypie-style names) for a per-user settings
     # endpoint, layered on MarketplaceModelResource.Meta.
     # Two authentication backends are configured as a tuple; how the tuple
     # is evaluated is decided by the resource base class -- confirm.
     authentication = (SharedSecretAuthentication(), OAuthAuthentication())
     authorization = OwnerAuthorization()
     # Detail endpoint accepts reads and updates (GET, PATCH, PUT) only.
     detail_allowed_methods = ['get', 'patch', 'put']
     # Only display_name is listed. Assuming stock Tastypie ModelResource
     # semantics, this is what keeps a PATCH/PUT from touching any other
     # UserProfile column -- confirm before adding names to this list.
     fields = ['display_name']
     # No HTTP methods are listed for the list endpoint.
     list_allowed_methods = []
     # filter() with no arguments does not narrow the queryset: every
     # UserProfile is reachable by pk, so access control depends on the
     # per-object ownership check, not on the queryset.
     queryset = UserProfile.objects.filter()
     resource_name = 'settings'
Пример #3
    def obj_get(self, request=None, **kwargs):
        """Fetch one account and refuse it unless the owner check passes.

        The literal pk ``'mine'`` is an alias: it is replaced with the pk of
        ``request.amo_user`` before the lookup is delegated to the parent
        resource.

        Raises:
            ImmediateHttpResponse: wrapping ``HttpForbidden`` when
                ``OwnerAuthorization`` rejects the fetched object.
        """
        # NOTE(review): request defaults to None, yet this branch reads
        # request.amo_user; callers are presumably expected to always pass
        # a request -- confirm.
        if kwargs.get('pk') == 'mine':
            kwargs = dict(kwargs, pk=request.amo_user.pk)

        # TODO: put in acl checks for admins to get other users information.
        account = super(AccountResource, self).obj_get(request=request,
                                                       **kwargs)

        # Object-level check: it runs on the object that was actually
        # fetched, so any pk other than the requester's own is decided here.
        if OwnerAuthorization().is_authorized(request, object=account):
            return account
        raise ImmediateHttpResponse(response=http.HttpForbidden())
Пример #4
 class Meta:
     # Resource options (Tastypie-style names) for app preview images.
     # The queryset is every Preview row, so which previews a caller may
     # read or delete is decided by authorization, not by the queryset.
     queryset = Preview.objects.all()
     # The list endpoint only accepts POST (creation).
     list_allowed_methods = ['post']
     # In stock Tastypie, allowed_methods supplies the default for whichever
     # of list/detail is not set explicitly, so here it would govern the
     # detail endpoint (GET and DELETE) -- confirm against the version in use.
     allowed_methods = ['get', 'delete']
     always_return_data = True
     # Only these two fields are listed for the resource.
     fields = ['id', 'filetype']
     authentication = MarketplaceAuthentication()
     # NOTE(review): whether the owner check receives the Preview object on
     # detail GET/DELETE depends on the resource's obj_* methods, which are
     # not visible here -- confirm that the check is object-level.
     authorization = OwnerAuthorization()
     resource_name = 'preview'
     # NOTE(review): ALL_WITH_RELATIONS is a broad filter grant. With GET
     # absent from list_allowed_methods it is presumably unused; re-check
     # it if list GET is ever enabled.
     filtering = {'addon': ALL_WITH_RELATIONS}
Пример #5
 class Meta:
     # Resource options (Tastypie-style names) for upload validation results.
     # The queryset is every FileUpload row; nothing here narrows it to the
     # requester's own uploads.
     queryset = FileUpload.objects.all()
     # Only these two fields are listed for the resource.
     fields = ['valid', 'validation']
     # The list endpoint only accepts POST (creation).
     list_allowed_methods = ['post']
     allowed_methods = ['get']
     always_return_data = True
     authentication = MarketplaceAuthentication()
     # Caution: on its own this setting does not restrict anything. The
     # object is not always handed to the authorization handler, and without
     # an object the handler reports that anyone can do anything.
     # Object-level ownership therefore has to be enforced explicitly in the
     # resource's obj_* methods; do not treat this line as the access check.
     authorization = OwnerAuthorization()
     resource_name = 'validation'
     # JSON is the only serialization format listed.
     serializer = Serializer(formats=['json'])
Пример #6
    def obj_delete(self, request, **kwargs):
        """Delete a rating when any one of four authorization checks passes.

        The checks are tried in a fixed order and stop at the first success:
        ``AppOwnerAuthorization`` on the rating's addon, ``OwnerAuthorization``
        on the rating itself, then ``PermissionAuthorization`` for
        ``('Users', 'Edit')`` and for ``('Addons', 'Edit')``.

        Raises:
            ImmediateHttpResponse: wrapping ``HttpForbidden`` when every
                check fails.
        """
        rating = self.get_by_resource_or_404(request, **kwargs)

        # Each later check is only evaluated if the earlier ones failed.
        permitted = AppOwnerAuthorization().is_authorized(
            request, object=rating.addon)
        if not permitted:
            permitted = OwnerAuthorization().is_authorized(
                request, object=rating)
        if not permitted:
            permitted = PermissionAuthorization(
                'Users', 'Edit').is_authorized(request)
        if not permitted:
            permitted = PermissionAuthorization(
                'Addons', 'Edit').is_authorized(request)
        if not permitted:
            raise ImmediateHttpResponse(response=http.HttpForbidden())

        # The log line is written before the delete is delegated, so it
        # records the attempt even if the parent call then fails.
        # NOTE(review): the entry names the rating and addon but not the
        # acting user; an audit trail for moderator deletes would want it.
        message = 'Rating %s deleted from addon %s' % (rating.pk,
                                                       rating.addon.pk)
        log.info(message)
        return super(RatingResource, self).obj_delete(request, **kwargs)
Пример #7
    def obj_get(self, request=None, **kwargs):
        """Load a FileUpload by pk and return it only if the owner check passes.

        The object is fetched here and handed to ``OwnerAuthorization``
        directly, because the normal authorization path does not receive
        the object (until the perms branch lands, this is the only way to
        lock permissions down on gets).

        Raises:
            ImmediateHttpResponse: wrapping ``HttpNotFound`` when no upload
                has that pk, or ``HttpForbidden`` when the owner check fails.
        """
        try:
            upload = FileUpload.objects.get(pk=kwargs['pk'])
        except FileUpload.DoesNotExist:
            raise ImmediateHttpResponse(response=http.HttpNotFound())

        # NOTE(review): answering 404 for a missing pk and 403 for someone
        # else's upload tells a caller which pks exist. That is harmless
        # only if upload pks are unguessable -- confirm.
        if OwnerAuthorization().is_authorized(request, object=upload):
            log.info('Validation retreived: %s' % upload.pk)
            return upload
        raise ImmediateHttpResponse(response=http.HttpForbidden())
Пример #8
    def obj_create(self, bundle, request, **kwargs):
        """Create a Webapp from an upload after validating and authorizing it.

        ``bundle.data`` is validated with ``UploadForm``; the object the
        form resolves (``form.obj``) must then pass ``OwnerAuthorization``
        for this request before anything is created from it.

        Returns:
            The bundle, with ``bundle.obj`` set to the new app.

        Raises:
            ImmediateHttpResponse: wrapping ``HttpForbidden`` when the owner
                check on the upload fails.
            Whatever ``self.form_errors(form)`` returns, when the form is
            invalid.
        """
        upload_form = UploadForm(bundle.data)
        if not upload_form.is_valid():
            raise self.form_errors(upload_form)

        # Authorization is checked on the upload before any object is
        # created, so a rejected request leaves nothing behind.
        authorized = OwnerAuthorization().is_authorized(
            request, object=upload_form.obj)
        if not authorized:
            raise ImmediateHttpResponse(response=http.HttpForbidden())

        platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]

        # Create app, user and fetch the icon.
        app = Webapp.from_upload(upload_form.obj, platforms)
        bundle.obj = app
        # The requesting user is attached to the new app.
        AddonUser(addon=app, user=request.amo_user).save()
        tasks.fetch_icon.delay(app)
        log.info('App created: %s' % app.pk)
        return bundle
Пример #9
    def obj_create(self, bundle, request, **kwargs):
        """Create an Addon from an upload after validating and authorizing it.

        ``bundle.data`` is validated with ``UploadForm``; the object the
        form resolves (``form.obj``) must then pass ``OwnerAuthorization``
        for this request before anything is created from it. The form's
        ``is_packaged`` value is forwarded to ``Addon.from_upload``.

        Returns:
            The bundle, with ``bundle.obj`` set to the new app.

        Raises:
            ImmediateHttpResponse: wrapping ``HttpForbidden`` when the owner
                check on the upload fails.
            Whatever ``self.form_errors(form)`` returns, when the form is
            invalid.
        """
        upload_form = UploadForm(bundle.data)
        if not upload_form.is_valid():
            raise self.form_errors(upload_form)

        # Authorization is checked on the upload before any object is
        # created, so a rejected request leaves nothing behind.
        authorized = OwnerAuthorization().is_authorized(
            request, object=upload_form.obj)
        if not authorized:
            raise ImmediateHttpResponse(response=http.HttpForbidden())

        platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]

        # Create app, user and fetch the icon.
        app = Addon.from_upload(upload_form.obj, platforms,
                                is_packaged=upload_form.is_packaged)
        bundle.obj = app
        # The requesting user is attached to the new app.
        AddonUser(addon=app, user=request.amo_user).save()

        self._icons_and_images(app)
        # The submission is recorded together with the request.
        record_action('app-submitted', request, {'app-id': app.pk})

        log.info('App created: %s' % app.pk)
        return bundle